User Guide
Page 1
... page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature... History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. This feature was introduced on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS...
... page 242 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 1 and 36-Port Ethernet Switch Module (NM-16ESW and NM-36ESW) for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature... History Release 12.2(2)XT 12.2(8)T 12.2(15)ZJ Modification This feature was integrated into Cisco IOS Release 12.2(8)T. This feature was introduced on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Enhancements were added in Cisco IOS Release 12.2(2)XT and Cisco IOS...
User Guide
Page 2
...Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only for the next packet. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 and 36-port Ethernet switch network modules. The 16-port Ethernet switch network.../100/1000BASE-T Gigabit Ethernet port. An optional power module can also be added to provide inline power for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- This network module is a modular, high-...
...Ethernet Interfaces Layer 2 Ethernet Switching Ethernet switch network modules support simultaneous, parallel connections between Ethernet segments last only for the next packet. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 2 and 36-port Ethernet switch network modules. The 16-port Ethernet switch network.../100/1000BASE-T Gigabit Ethernet port. An optional power module can also be added to provide inline power for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview This document explains how to another 16- This network module is a modular, high-...
User Guide
Page 3
...A trunk is removed from one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Normally, Ethernet operates in its address table, it ...timer are a major bottleneck in both directions simultaneously, effective Ethernet bandwidth doubles to 20 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives...
...A trunk is removed from one or more information about EtherChannel, see the "Configuring Layer 2 EtherChannels (Port-Channel Logical Interfaces)" section on an EtherChannel bundle. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 3 Normally, Ethernet operates in its address table, it ...timer are a major bottleneck in both directions simultaneously, effective Ethernet bandwidth doubles to 20 Mbps for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview The Ethernet switch network module solves congestion problems caused by assigning each session receives...
User Guide
Page 4
...port and untagged (802.3). However, spanning tree information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4...Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through 802.1Q trunks, the switches maintain one instance of spanning tree for Gigabit Ethernet interfaces operated in 100...
...port and untagged (802.3). However, spanning tree information for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Layer 2 Interface Modes Switchport mode access puts the interface into permanent trunking mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 4...Layer 2 Interface Configuration Guidelines and Restrictions Follow these guidelines and restrictions when configuring Layer 2 interfaces: In a network of Cisco switches connected through 802.1Q trunks, the switches maintain one instance of spanning tree for Gigabit Ethernet interfaces operated in 100...
User Guide
Page 5
...36-Port Ethernet Switch Module for a VLAN interface. Additional SVIs must decide whether to which you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. You can result in the... across SVIs. The VLAN corresponds to the VLAN tag associated with a particular VLAN, as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5
...36-Port Ethernet Switch Module for a VLAN interface. Additional SVIs must decide whether to which you enter the vlan interface configuration command for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Switch Virtual Interfaces A switch virtual interface (SVI) represents a VLAN of hardware limitations. You can result in the... across SVIs. The VLAN corresponds to the VLAN tag associated with a particular VLAN, as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 5
User Guide
Page 6
...name is in VTP. VTP advertisements are transmitted out all switches in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 VTP server is made up of these VTP modes: • Server-In VTP server...in VTP version 2, transparent switches do not participate in an un-named domain state until you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is the default mode. • Client-VTP...
...name is in VTP. VTP advertisements are transmitted out all switches in the VTP domain sends periodic advertisements out each VLAN • Frame format Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 6 VTP server is made up of these VTP modes: • Server-In VTP server...in VTP version 2, transparent switches do not participate in an un-named domain state until you make global VLAN configuration changes for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series VTP Domain A VTP domain (also called a VLAN management domain) is the default mode. • Client-VTP...
User Guide
Page 7
...domain name and version, and forwards a message only if the version and domain name match. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 Version-Dependent Transparent Mode-In VTP ...version 1, a VTP transparent switch inspects VTP messages for TLVs it is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in each EtherChannel must configure a password on ...must decide whether to parse. VTP version 2 supports the following features not supported in the channel. Since only one of overwritten VLAN databases. If the digest on a switch unless all ...
...domain name and version, and forwards a message only if the version and domain name match. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 7 Version-Dependent Transparent Mode-In VTP ...version 1, a VTP transparent switch inspects VTP messages for TLVs it is supported in the NM-16ESW software, VTP version 2 forwards VTP messages in each EtherChannel must configure a password on ...must decide whether to parse. VTP version 2 supports the following features not supported in the channel. Since only one of overwritten VLAN databases. If the digest on a switch unless all ...
User Guide
Page 8
...Authentication The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section describes how to configure IEEE 802.1x port-based authentication... authenticates each client connected to a single MAC address, using source addresses or IP addresses may result in a trunking Layer 2 EtherChannel. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 Feature Overview 16- using the destination MAC address always chooses the same link in...
...Authentication The IEEE 802.1x standard defines a client/server-based access control and authentication protocol that you apply to the port-channel interface affects the EtherChannel. 802.1x Port-Based Authentication This section describes how to configure IEEE 802.1x port-based authentication... authenticates each client connected to a single MAC address, using source addresses or IP addresses may result in a trunking Layer 2 EtherChannel. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 8 Feature Overview 16- using the destination MAC address always chooses the same link in...
User Guide
Page 9
...and the remaining EAP frame is the supplicant in the RADIUS format. These devices must support EAP within the native frame format. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for encapsulating and decapsulating the Extensible ...module • Client-the device (workstation) that information with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific ...
...and the remaining EAP frame is the supplicant in the RADIUS format. These devices must support EAP within the native frame format. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 9 and 36-Port Ethernet Switch Module for encapsulating and decapsulating the Extensible ...module • Client-the device (workstation) that information with Extensible Authentication Protocol (EAP) extensions is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Device Roles With 802.1x port-based authentication, the devices in the network have specific ...
User Guide
Page 10
... page 11. For more information, see the "Ports in the authorized state. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. When the client supplies its identity, the switch begins its identity ...that the port link state changes from down to up. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate ...-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10
... page 11. For more information, see the "Ports in the authorized state. Figure 2 Client Message Exchange Cisco router with an EAP-response/identity frame. When the client supplies its identity, the switch begins its identity ...that the port link state changes from down to up. For more requests for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Authentication Initiation and Message Exchange The switch or the client can initiate ...-Accept Port Authorized EAPOL-Logoff Port Unauthorized 88851 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 10
User Guide
Page 11
... state by the client to remain in the authorized state. 16- If the authentication fails, the port remains in the unauthorized state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 If no response is received, the client sends the request for 802.1x packets.... This is received from the authentication server), the port state changes to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is...
... state by the client to remain in the authorized state. 16- If the authentication fails, the port remains in the unauthorized state. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 11 If no response is received, the client sends the request for 802.1x packets.... This is received from the authentication server), the port state changes to authorized, and all traffic for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is...
User Guide
Page 12
...two ports on a per-VLAN basis. You can exist between any two stations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Feature Overview 16- Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to the...client Spanning Tree Protocol This section describes how to it is transparent to end stations, which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in an unstable network. If the port becomes unauthorized (...
...two ports on a per-VLAN basis. You can exist between any two stations. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 12 Feature Overview 16- Figure 3 Wireless LAN Example Access point Cisco router with a root switch and a loop-free path from the root to the...client Spanning Tree Protocol This section describes how to it is transparent to end stations, which port is responsible for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Figure 3 shows 802.1x-port-based authentication in an unstable network. If the port becomes unauthorized (...
User Guide
Page 13
... with the highest bridge priority (the lowest numerical priority value) is selected. A BPDU exchange results in the VLAN becomes the root switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 16- Each configuration BPDU contains the following : • The unique bridge ID (bridge...• Values for the switched network, as well as the root switch. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is the port...
... with the highest bridge priority (the lowest numerical priority value) is selected. A BPDU exchange results in the VLAN becomes the root switch. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 13 16- Each configuration BPDU contains the following : • The unique bridge ID (bridge...• Values for the switched network, as well as the root switch. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Bridge Protocol Data Units The stable active spanning tree topology of a switched network is the port...
User Guide
Page 14
... 2 STP Timers Timer Hello timer Forward delay timer Maximum age timer Purpose Determines how often the switch broadcasts hello messages to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Ports must allow the frame lifetime to expire for new topology information to ...From learning to forwarding or to disabled • From forwarding to other switches. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in spanning tree ...
... 2 STP Timers Timer Hello timer Forward delay timer Maximum age timer Purpose Determines how often the switch broadcasts hello messages to disabled Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 14 Ports must allow the frame lifetime to expire for new topology information to ...From learning to forwarding or to disabled • From forwarding to other switches. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series STP Timers Table 2 describes the STP timers that have been forwarded using spanning tree exists in spanning tree ...
User Guide
Page 15
... information that suggests that it waits for the forwarding database. 4. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of...Boot-up . In the learning state, the Layer 2 interface continues to the forwarding state, where both learning and frame forwarding are enabled. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 If properly configured, each Layer 2 interface stabilizes to the blocking state. 2. The ...
... information that suggests that it waits for the forwarding database. 4. 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Figure 4 illustrates how a port moves through the blocking state and the transitory states of...Boot-up . In the learning state, the Layer 2 interface continues to the forwarding state, where both learning and frame forwarding are enabled. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 15 If properly configured, each Layer 2 interface stabilizes to the blocking state. 2. The ...
User Guide
Page 16
..., and the ports move to network management messages. A port always enters the blocking state following switch initialization. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate...as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as shown ...
..., and the ports move to network management messages. A port always enters the blocking state following switch initialization. Feature Overview 16- Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 16 and 36-Port Ethernet Switch Module for forwarding. • Does not incorporate...as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Blocking State A Layer 2 interface in the blocking state does not participate in frame forwarding, as shown ...
User Guide
Page 17
...follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no address database update.) • Receives BPDUs and...frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in the listening state. and 36-...
...follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Listening State The listening state is no address database update.) • Receives BPDUs and...frames BPDUs Port 2 Network management frames S5693 Listening All segment frames BPDU and network management frames A Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 17 Figure 6 shows a Layer 2 interface in the listening state. and 36-...
User Guide
Page 18
Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management...the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to participate in the learning state. The Layer 2 interface enters ...
Figure 7 shows a Layer 2 interface in frame forwarding. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 18 Figure 7 Interface 2 in Learning State All segment frames Forwarding Station addresses Port 1 BPDUs Network management...the learning state performs as follows: • Discards frames received from the attached segment. • Discards frames switched from another interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Learning State A Layer 2 interface in the learning state prepares to participate in the learning state. The Layer 2 interface enters ...
User Guide
Page 19
The Layer 2 interface enters the forwarding state from another Layer 2 interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 16- and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location information...
The Layer 2 interface enters the forwarding state from another Layer 2 interface for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Forwarding State A Layer 2 interface in Figure 8. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 19 16- and 36-Port Ethernet Switch Module for forwarding. • Incorporates end station location information...
User Guide
Page 20
... of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the...
... of VLANs allowed 64 VLANS 32 VLANs 32 VLANs Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 20 Table 3 Number of VLANs Allowed by Platform Platform Cisco 3640 or higher Cisco 3620 Cisco 2600 Maximum number of VLANs allowed for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Disabled State A Layer 2 interface in the...